CVE List - 2022 / January
Showing 1001 - 1100 of 1988 CVEs for January 2022 (Page 11 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38697 | 2022-01-18 | SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution. |
| CVE-2021-41551 | 2022-01-18 | Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link. |
| CVE-2021-41550 | 2022-01-18 | Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code. |
| CVE-2022-0260 | 2022-01-18 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-44217 | 2022-01-18 | In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2022-23302 | 2022-01-18 | Deserialization of untrusted data in JMSSink in Apache Log4j 1.x |
| CVE-2022-23305 | 2022-01-18 | SQL injection in JDBC Appender in Apache Log4j V1 |
| CVE-2022-23307 | 2022-01-18 | A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. |
| CVE-2021-4146 | 2022-01-18 | Business Logic Errors in pimcore/pimcore |
| CVE-2022-0262 | 2022-01-18 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2022-0263 | 2022-01-18 | Unrestricted Upload of File with Dangerous Type in pimcore/pimcore |
| CVE-2021-29872 | 2022-01-18 | IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By... |
| CVE-2020-14110 | 2022-01-18 | AX3600 router sensitive information leaked. There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. |
| CVE-2021-29632 | 2022-01-18 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console,... |
| CVE-2021-4083 | 2022-01-18 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially... |
| CVE-2021-37865 | 2022-01-18 | Server-side Denial of Service while processing a specifically crafted GIF file |
| CVE-2021-41809 | 2022-01-18 | SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server. |
| CVE-2021-41807 | 2022-01-18 | Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0, allows brute-forcing of certain types of user accounts. |
| CVE-2021-41808 | 2022-01-18 | In M-Files Server product with versions before 21.11.10775.0, enabling logging of federated authentication would write sensitive information to event logs. |
| CVE-2022-0172 | 2022-01-18 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL... |
| CVE-2021-39927 | 2022-01-18 | Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests... |
| CVE-2022-0152 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-0151 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-0244 | 2022-01-18 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible when importing a group, due to incorrect handling of files. |
| CVE-2022-0124 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows... |
| CVE-2022-0154 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-0125 | 2022-01-18 | An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab... |
| CVE-2022-0093 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access... |
| CVE-2022-0090 | 2022-01-18 | An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore... |
| CVE-2021-39946 | 2022-01-18 | Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of... |
| CVE-2021-39942 | 2022-01-18 | A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,... |
| CVE-2021-39892 | 2022-01-18 | In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses... |
| CVE-2020-14107 | 2022-01-18 | A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN. |
| CVE-2021-37866 | 2022-01-18 | Session is not invalidated on server-side when user logged out of Boards |
| CVE-2021-37867 | 2022-01-18 | Emails of all users are exposed via one of the Boards APIs |
| CVE-2021-37864 | 2022-01-18 | Users can view the contents of an archived channel when access is explicitly denied by the system admin |
| CVE-2022-22691 | 2022-01-18 | Umbraco Password Reset URL Poison |
| CVE-2022-22690 | 2022-01-18 | Umbraco Remote ApplicationURL Overwrite |
| CVE-2022-0236 | 2022-01-18 | WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure |
| CVE-2021-43353 | 2022-01-18 | Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2022-0232 | 2022-01-18 | User Registration, Login & Landing Pages – LeadMagic <= 1.2.7 Admin+ Stored Cross-Site Scripting |
| CVE-2021-4074 | 2022-01-18 | WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting |
| CVE-2022-0233 | 2022-01-18 | ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting |
| CVE-2022-0210 | 2022-01-18 | Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting |
| CVE-2022-0215 | 2022-01-18 | XootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2021-29215 | 2022-01-18 | A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restriction bypass in the TEZ MapR ecosystem component was discovered in version(s): Prior to Tez-0.8:... |
| CVE-2022-23083 | 2022-01-18 | NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain an XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an... |
| CVE-2022-21683 | 2022-01-18 | Comment reply notifications sent to incorrect users in wagtail |
| CVE-2021-46005 | 2022-01-18 | Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter. |
| CVE-2021-46013 | 2022-01-18 | An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once... |
| CVE-2021-34401 | 2022-01-18 | NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER, where improper access control may lead to code execution, compromised integrity, or denial of service. |
| CVE-2021-34402 | 2022-01-18 | NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is... |
| CVE-2021-34403 | 2022-01-18 | NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, which allows any user with a local account to exploit a use-after-free condition, leading to code privilege escalation, loss of confidentiality... |
| CVE-2021-34404 | 2022-01-18 | Android images for T210 provided by NVIDIA contain a vulnerability in BROM, where failure to limit access to AHB-DMA when BROM fails may allow an unprivileged attacker with physical access... |
| CVE-2021-34405 | 2022-01-18 | NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEE_Malloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service. |
| CVE-2021-34406 | 2022-01-18 | NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot. |
| CVE-2021-44840 | 2022-01-18 | An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By... |
| CVE-2021-44838 | 2022-01-18 | An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a POST request indicating the risk to access with the id parameter, it is possible for users... |
| CVE-2021-44839 | 2022-01-18 | An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user... |
| CVE-2021-44836 | 2022-01-18 | An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST... |
| CVE-2022-21696 | 2022-01-18 | Username spoofing in OnionShare |
| CVE-2022-23408 | 2022-01-18 | wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2.... |
| CVE-2022-21673 | 2022-01-18 | OAuth Identity Token exposure in Grafana |
| CVE-2022-21688 | 2022-01-18 | Out-of-bounds Read in Onionshare |
| CVE-2022-21695 | 2022-01-18 | Improper Access Control in Onionshare |
| CVE-2022-21691 | 2022-01-18 | Improper Access Control in Onionshare |
| CVE-2022-21693 | 2022-01-18 | Path traversal in Onionshare |
| CVE-2022-21689 | 2022-01-18 | Denial of Service in Onionshare |
| CVE-2022-21692 | 2022-01-18 | Improper Access Control in Onionshare |
| CVE-2022-21700 | 2022-01-18 | Memory leak in micronaut-core |
| CVE-2022-21690 | 2022-01-18 | Cross-Site Scripting in Onionshare |
| CVE-2022-21694 | 2022-01-18 | OTF-006: Broken Website Hardening Control: The CSP can be turned on or off but not configured for the specific needs of the website |
| CVE-2021-33912 | 2022-01-19 | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a... |
| CVE-2021-33913 | 2022-01-19 | libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted... |
| CVE-2022-21704 | 2022-01-19 | Incorrect Default Permissions in log4js-node |
| CVE-2022-23221 | 2022-01-19 | H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392. |
| CVE-2022-22152 | 2022-01-19 | Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface |
| CVE-2022-22153 | 2022-01-19 | SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops |
| CVE-2022-22154 | 2022-01-19 | Junos Fusion: A Satellite Device can be controlled by rewiring it to a foreign AD causing a DoS |
| CVE-2022-22155 | 2022-01-19 | Junos OS: ACX5448: FPC memory leak due to IPv6 neighbor flaps |
| CVE-2022-22156 | 2022-01-19 | Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL |
| CVE-2022-22157 | 2022-01-19 | Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled |
| CVE-2022-22159 | 2022-01-19 | Junos OS: An attacker sending crafted packets can cause a traffic and CPU Denial of Service (DoS). |
| CVE-2022-22160 | 2022-01-19 | Junos OS: MX Series: The bbe-smgd process crashes if an unsupported configuration exists and a PPPoE client sends a specific message |
| CVE-2022-22161 | 2022-01-19 | Junos OS: MX104 might become unresponsive if the out-of-band management port receives a flood of traffic |
| CVE-2022-22162 | 2022-01-19 | Junos OS: A low privileged user can elevate their privileges to the ones of the highest privileged j-web user logged in |
| CVE-2022-22163 | 2022-01-19 | Junos OS: jdhcpd crashes upon receipt of a specific DHCPv6 packet |
| CVE-2022-22164 | 2022-01-19 | Junos OS Evolved: Telnet service may be enabled when it is expected to be disabled. |
| CVE-2022-22166 | 2022-01-19 | Junos OS: An rpd core will occur if BGP update tracing is configured and an update containing a malformed BGP SR-TE policy tunnel attribute is received |
| CVE-2022-22167 | 2022-01-19 | Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy |
| CVE-2022-22168 | 2022-01-19 | Junos OS: vMX and MX150: Specific packets might cause a memory leak and eventually an FPC reboot |
| CVE-2022-22169 | 2022-01-19 | Junos OS and Junos OS Evolved: OSPFv3 session might go into INIT state upon receipt of multiple crafted packets from a trusted neighbor device. |
| CVE-2022-22170 | 2022-01-19 | Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset |
| CVE-2022-22171 | 2022-01-19 | Junos OS: Specific packets over VXLAN cause FPC reset |
| CVE-2022-22172 | 2022-01-19 | Junos OS and Junos OS Evolved: An l2cpd memory leak can occur when specific LLDP packets are received leading to a DoS |
| CVE-2022-22173 | 2022-01-19 | Junos OS: CRL failing to download causes a memory leak and ultimately a DoS |
| CVE-2022-22174 | 2022-01-19 | Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets |
| CVE-2022-22175 | 2022-01-19 | Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed |
| CVE-2022-22176 | 2022-01-19 | Junos OS: In a scenario with dhcp-security and option-82 configured jdhcpd crashes upon receipt of a malformed DHCP packet |
| CVE-2022-22177 | 2022-01-19 | Junos OS and Junos OS Evolved: After receiving a specific number of crafted packets snmpd will segmentation fault (SIGSEGV) requiring a manual restart. |